John Koster

Attention Filament users: we’ve identified and resolved a few security vulnerabilities. To address these vulnerabilities in your applications, please update to the following versions: v3.3.52 v4.11.5 v5.6.5

Happy Saturday, everyone! I hope you all have a great weekend 😊

@MattParkerDev @davidfowl Oh I like this

I added JSX syntax to C# (Roslyn), and built a React-like UI framework POC. Here it is in action, rendering my CSX component, incrementing state from a button click handler, re-rendering, and hot reload!

@aarondfrancis Oh heck yes. A side project idea I don’t have to do 🔥🔥

I'm building an API that will be primarily used by agents. Each time the lead agent makes a change, it spawns a new agent, tells it use the API to do a set of tasks, and report any papercuts. Then the lead agent fixes the papercuts, spawns another agent, and tries again. ♻️♻️

After a very thorough 3 day full security sweep and hardening process, we'd like to issue an official all clear ✅ on TanStack repo and package security. Full details have been updated in our post-mortem and security followup blog (linked below). TL;DR: - Only the Router/Start repo was affected. 42 monorepo packages, 2 versions per package. These were promptly deprecated within the hour and removed by NPM shortly after - All other repos and packages were unaffected and remain secure including: Query, DB, Store, AI, Table, Form, HotKeys, Virtual, Pacer, Config, Devtools, CLI, Intent, etc. - All available and published versions of every TanStack package are safe to download, including TanStack Router/Start. tanstack.com/blog/npm-suppl… tanstack.com/blog/incident-…

@jesseleite85 @savvycal Clean 🔥

Feeling cute, might delete later 💅

@aarondfrancis Hey now, that’s a secret!

Often times the answer to "how did you do this amazing thing" is "lol, a lot of work"

@jeffrey_way Yup, I do enjoy this style of AI-assisted dev! Maximize the fun

One thing I find myself doing lately is delegating the parts of building an app that I really don't enjoy (and am not particularly good at) to AI. But for the sections that I genuinely do enjoy...I'm inside my code editor writing it all by hand. I then have AI do a review.

AI obviously is here to stay, but I think this year will consist of developers rediscovering that writing code by hand is fun. "Oh I forgot that I really enjoy this."

@simonhamp Looks sick

Have given almost 30 folks access to the repo already Might do a video over the weekend Here's a screenshot ✌🏼

Might be my last chance on Outro to...

This looks awesome

nah im just not gonna run npm install anymore

@jasonlbeggs @aarondfrancis It just might

@aarondfrancis Hopefully it brings at least a tiny spark of joy to their grim lives

SECURITY ADVISORY — TanStack npm packages A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package. Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down. Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys. If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised: • Rotate cloud, GitHub, and SSH credentials immediately • Audit cloud audit logs for the last several hours • Pin to a prior known-good version and reinstall from a clean lockfile Detection — the malicious manifest contains: "optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." } Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root). Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level. Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route… Credit to the security researcher for responsible disclosure.

@JohnONolan @Ghost 🔥

experimenting with a media library for @ghost (WIP)

@aarondfrancis How's your day going?

Subscribed to my third Codex Max plan last night after I maxed out the first two ama

Building an MCP server and set of skills and then interviewing the agents afterwards to learn what sucked about it such an interesting activity. Would recommend

Happy Sunday and Mother's Day!

Are you into coding? Take the survey, and you could be the lucky winner of a brand-new MacBook Pro.

@enunomaduro haha weirdly, i feel exactly the same way😅

i am 36 but feel younger than when i was 25… at all levels